nginx

Rewrite all but some to https

server {

listen 80;

server_name desktophelp.yabroo.com;

location / {

proxy_pass http://192.168.1.100:8080;

include /etc/nginx/proxy.conf;

}

}

server {

listen 80;

server_name admin.yabroo.com;

rewrite ^ https://$server_name$request_uri? permanent;

# WS Added.

location / {

proxy_pass http://192.168.1.100:8080;

include /etc/nginx/proxy.conf;

}

SSL certs

Unlike apache, the certificate bundle must be concatonated into the crt, after the primary certificate:

ssl on;

ssl_certificate /etc/httpd/ssl/yabroocom/admin.yabroo.com.crt;

ssl_certificate_key /etc/httpd/ssl/yabroocom/admin.yabroo.com.key;

Forwarding/proxy

location /balance/ {

#proxy_buffers 8 16k;

#proxy_buffer_size 32k;

proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

#proxy_set_header X-Real-IP $remote_addr;

#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#proxy_set_header Host $http_host;

#proxy_set_header X-NginX-Proxy true;

proxy_pass https://admin:1337;

include /etc/nginx/proxy.conf;

}

A working conf

#######################################################################

#

# This is the main Nginx configuration file.

#

# More information about the configuration options is available on

# * the English wiki - http://wiki.nginx.org/Main

# * the Russian documentation - http://sysoev.ru/nginx/

#

#######################################################################

#----------------------------------------------------------------------

# Main Module - directives that cover basic functionality

#

# http://wiki.nginx.org/NginxHttpMainModule

#

#----------------------------------------------------------------------

user nginx;

worker_processes 1;

error_log /var/log/nginx/error.log;

#error_log /var/log/nginx/error.log notice;

#error_log /var/log/nginx/error.log info;

pid /var/run/nginx.pid;

#----------------------------------------------------------------------

# Events Module

#

# http://wiki.nginx.org/NginxHttpEventsModule

#

#----------------------------------------------------------------------

events {

worker_connections 1024;

}

#----------------------------------------------------------------------

# HTTP Core Module

#

# http://wiki.nginx.org/NginxHttpCoreModule

#

#----------------------------------------------------------------------

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

#tcp_nopush on;

#keepalive_timeout 0;

keepalive_timeout 65;

#gzip on;

server {

listen 443;

server_name admin.yabroo.com;

#ssl on;

#ssl_certificate /etc/nginx/ssl/nixcraft.in.crt;

#ssl_certificate_key /etc/nginx/ssl/nixcraft.in.key;

ssl on;

ssl_certificate /etc/httpd/ssl/yabroocom/admin.yabroo.com.crt;

#ssl_certificate /etc/httpd/ssl/yabroocom/chain.crt;

ssl_certificate_key /etc/httpd/ssl/yabroocom/admin.yabroo.com.key;

#ssl_protocols SSLv3 TLSv1;

#ssl_ciphers HIGH:!aNULL:!MD5;

# location api.yabroo.com {

# proxy_pass https://192.168.1.104:444;

# proxy_set_header Host $host;

# include /etc/nginx/proxy.conf;

# }

location / {

proxy_pass https://192.168.1.100:444;

proxy_set_header Host $host;

# # include /etc/nginx/proxy.conf;

}

location /balance/ {

#proxy_buffers 8 16k;

#proxy_buffer_size 32k;

proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

#proxy_set_header X-Real-IP $remote_addr;

#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#proxy_set_header Host $http_host;

#proxy_set_header X-NginX-Proxy true;

proxy_pass https://admin:1337;

include /etc/nginx/proxy.conf;

}

location admin.yabroo.com {

proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

include /etc/nginx/proxy.conf;

}

}

server {

listen 77.67.63.211:443;

server_name myaccount.yabroo.com;

#ssl on;

#ssl_certificate /etc/nginx/ssl/nixcraft.in.crt;

#ssl_certificate_key /etc/nginx/ssl/nixcraft.in.key;

ssl on;

ssl_certificate /etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.crt;

#ssl_certificate /etc/httpd/ssl/yabroocom/chain.crt;

ssl_certificate_key /etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.key;

#ssl_protocols SSLv3 TLSv1;

#ssl_ciphers HIGH:!aNULL:!MD5;

# location api.yabroo.com {

# proxy_pass https://192.168.1.104:444;

# proxy_set_header Host $host;

# include /etc/nginx/proxy.conf;

# }

location / {

proxy_pass https://192.168.1.100:444;

proxy_set_header Host $host;

# # include /etc/nginx/proxy.conf;

}

location myaccount.yabroo.com {

proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

include /etc/nginx/proxy.conf;

}

}

#

# The default server

#

server {

listen 80;

server_name faq.yabroo.com;

location / {

proxy_pass http://192.168.1.100:8080;

include /etc/nginx/proxy.conf;

}

}

server {

listen 80;

server_name help.yabroo.com;

location / {

proxy_pass http://192.168.1.100:8080;

include /etc/nginx/proxy.conf;

}

}

server {

listen 80;

server_name desktopfaq.yabroo.com;

location / {

proxy_pass http://192.168.1.100:8080;

include /etc/nginx/proxy.conf;

}

}

server {

listen 80;

server_name desktophelp.yabroo.com;

location / {

proxy_pass http://192.168.1.100:8080;

include /etc/nginx/proxy.conf;

}

}

server {

listen 80;

server_name admin.yabroo.com;

rewrite ^ https://$server_name$request_uri? permanent;

# WS Added.

location / {

proxy_pass http://192.168.1.100:8080;

include /etc/nginx/proxy.conf;

}

location /nagios/ {

#proxy_buffers 8 16k;

#proxy_buffer_size 32k;

proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

#proxy_set_header X-Real-IP $remote_addr;

#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#proxy_set_header Host $http_host;

#proxy_set_header X-NginX-Proxy true;

proxy_pass http://database/nagios/;

include /etc/nginx/proxy.conf;

}

# location /balance {

# proxy_set_header X-Real-IP $remote_addr;

# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# proxy_set_header Host $http_host;

# proxy_set_header X-NginX-Proxy true;

# proxy_pass https://admin:1337;

#include /etc/nginx/proxy.conf;

# }

#charset koi8-r;

#access_log logs/host.access.log main;

#location / {

# proxy_pass http://127.0.0.1:8080;

# include /etc/nginx/proxy.conf;

# root /usr/share/nginx/html;

# index index.html index.htm;

#}

# location / {

# proxy_pass http://83.222.241.68:433;

# include /etc/nginx/proxy.conf;

# }

error_page 404 /404.html;

location = /404.html {

root /usr/share/nginx/html;

}

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root /usr/share/nginx/html;

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ \.php$ {

# proxy_pass http://127.0.0.1;

#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

#location ~ \.php$ {

# root html;

# fastcgi_pass 127.0.0.1:9000;

# fastcgi_index index.php;

# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

# include fastcgi_params;

#}

# deny access to .htaccess files, if Apache's document root

# concurs with nginx's one

#

#location ~ /\.ht {

# deny all;

#}

}

# Load config files from the /etc/nginx/conf.d directory

include /etc/nginx/conf.d/*.conf;

}